In a Fabric workspace that contains a lakehouse named Lakehouse1, which workspace role should you assign to User1 to follow the principle of least privilege for reading Lakehouse1 data?

In Fabric, the workspace role you grant determines what a user can do with data assets like a Lakehouse. For reading Lakehouse1 data while keeping permissions as low as possible, you need a role that provides enough access to the lakehouse contents without offering admin capabilities. The Contributor role is the smallest that includes the data access required to read Lakehouse data. It gives read access to assets and the ability to interact with and modify assets as needed, which is sufficient for reading data in Lakehouse1 but avoids the broader, higher-privilege scope of Admin. The Viewer role is often more restrictive, and in this context may not grant the necessary access to the lakehouse’s data plane, while Admin would be over-privileged. Therefore, assigning the Contributor role to User1 aligns with the principle of least privilege for reading Lakehouse1 data.